Ekubo hack drains $1.36M in 85 transactions

Ekubo, a decentralized exchange built on Starknet, disclosed a security incident involving swap router contracts across Ethereum [$ETH] and Arbitrum [ARB]. As the warning spread, concerns quickly shifted toward wallet approvals and user asset exposure across connected DeFi routes.

However, the protocol clarified that Starknet infrastructure and liquidity providers remained unaffected, which helped reduce broader contagion fears.

Source: Ekubo on X

Even so, the exploit exposed deeper pressure inside DeFi’s approval-based structure because router contracts directly manage token transfers between users and liquidity pools.

Once attackers gain malicious access, approved wallets can lose funds rapidly before users react. Therefore, Ekubo urged users to revoke permissions tied to three affected Ethereum and Arbitrum router addresses.

Meanwhile, phishing warnings emerged, reinforcing rising security risks and weakening short-term user confidence across DeFi markets.

Ekubo exploit exposes cross-chain routing risks

Ekubo’s exploit unfolded rapidly after attackers executed 85 separate transactions, quietly draining 17 WBTC through repeated 0.2 WBTC transfers. As the movement continued, the stolen funds flowed into Velora, where attackers converted them into $404K USDC, $403K DAI, and 239.5 $ETH.

Soon after, the assets consolidated into 577 $ETH worth nearly $1.36 million before being routed toward Tornado Cash. Mixers obscure transaction trails, slowing recovery efforts and enabling attackers to move freely across interconnected chains.

Source: X

Meanwhile, the exploit exposed growing pressure inside cross-chain DeFi infrastructure. Router systems improve liquidity efficiency, yet increasing interoperability also expands attack surfaces and smart contract complexity.

Consequently, repeated routing exploits may weaken user confidence, reduce short-term liquidity activity, and increase caution around approval-heavy DeFi participation.

Ekubo exploit revives DeFi routing fears

Ekubo’s $1.4 million exploit exposed how DeFi’s pursuit of capital efficiency still collides with persistent infrastructure vulnerabilities. Attackers exploited unlimited ERC-20 approvals granted weeks or months ago by manipulating callback logic within the protocol’s extension contract.

Although Starknet liquidity pools remained untouched, the exploit still revived concerns around approval contagion across Ethereum and Arbitrum routing layers. Router contracts increasingly operate as shared liquidity infrastructure, which makes recurring exploit structures more systemic than isolated.

Meanwhile, DeFiLlama data shows cumulative DeFi losses above $7.7 billion, while bridge exploits alone approach $2.9 billion historically. Notably, Ekubo’s pre-exploit TVL stood near $38 million, which limited broader contagion risks.

Still, repeated router exploits may weaken confidence while accelerating demand for security-focused DeFi infrastructure.

Final Summary

Ekubo’s $1.4 million exploit showed how compromised router approvals can rapidly drain funds across interconnected DeFi liquidity systems.

The loss of 577 $ETH reinforced growing concerns around cross-chain routing risks, approval contagion, and weakening user confidence in DeFi infrastructure.